Overview

overview

7

Static

static

3

ff6c9f5451...18.exe

windows7-x64

7

ff6c9f5451...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 13:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ff6c9f545143b78ab33f7bab8f8c06b2_JaffaCakes118.exe

  • Size

    1.5MB

  • MD5

    ff6c9f545143b78ab33f7bab8f8c06b2

  • SHA1

    db07d2fbbccf51e9cf3ff88219858c301a96ae5f

  • SHA256

    0f6517cbdb0e1c10059545a41fffc813730a05bbe48c6cb34645f6fb4a0194b8

  • SHA512

    37daf4d513165848e415ce98c7aefdf0b83f0c5b194e2dfe75557e8938aad4ebf2f40024cfdd2d08e2629d7d56ae938d0f9446c18af9338fc82e9c1c7ee2f80b

  • SSDEEP

    24576:jfc5Aea9cpvmClNb10hJaothZ2/T6FBBjNPI5lqkfZSkHR82b10hJaothZ2/T6FP:mAea9eHh/ofqg4/ofp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff6c9f545143b78ab33f7bab8f8c06b2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ff6c9f545143b78ab33f7bab8f8c06b2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\ff6c9f545143b78ab33f7bab8f8c06b2_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\ff6c9f545143b78ab33f7bab8f8c06b2_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2844

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\ff6c9f545143b78ab33f7bab8f8c06b2_JaffaCakes118.exe
          Filesize

          1.5MB

          MD5

          d2d8d967b045cd5d951bae6da6178763

          SHA1

          c9585e27bc3d3c061a0b72eec281711fb55bd65b

          SHA256

          c1b27e8be1e27b8a4efe674db397d68907ad5ed71721fc9f6b05004aec2fc714

          SHA512

          6037e386b0a40c86e9075eb75c7ecf7815586a12693aaf75c1c061068aa454b56127b07f2d85d0ed9e295db1d1113cdcf7d5317fe3c4bd083b0fb223de9ecde8

          Download Submit

        • memory/1708-0-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1708-2-0x0000000000190000-0x00000000001F6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1708-1-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/1708-13-0x0000000000400000-0x000000000045F000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2844-15-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2844-16-0x0000000000340000-0x00000000003A6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2844-23-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2844-22-0x0000000002B90000-0x0000000002BEF000-memory.dmp

          Filesize

          380KB

          Download

        • memory/2844-44-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2844-49-0x000000000FA30000-0x000000000FA6C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2844-50-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download